NASA is implementing a new data encryption policy on portable devices after another of its laptops was lost, potentially exposing sensitive information.

NASA is implementing a new data encryption policy on portable devices after another of its laptops was lost, potentially exposing sensitive information.

The space agency, responsible for putting the first human on the moon, made a series of security blunders by not encrypting what is classified as “sensitive personally identifiable information” on a laptop that was stolen, along with a number of documents, from a staff member's car at NASA's headquarters.

The laptop was password protected, but that might prove little defence against hackers. The firm has now not only ordered that no staff can remove company laptops with sensitive information from its facilities, but that those laptops should be encrypted, which would provide considerably more protection.

NASA is now warning of phishing hoaxes, including emails and phone calls, that might make use of personal information found on the laptop to bypass security verification procedures. It said it may need up to 60 days to review the information stolen and contact the relevant people.

The new encryption rules are designed to cover all laptops by a month's time, with a substantial amount sought by next Wednesday. Any laptop containing information about the international sale or transport of weapons and nuclear equipment, along with human resources data and other sensitive but unclassified information, will need to be encrypted before leaving NASA buildings. No other mobile devices, such as smartphones or tablets, are allowed to store sensitive information.

NASA has already had losses and thefts before, with 48 laptops disappearing between April 2009 and April 2011. It seems it has finally learned its lesson.